Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

Uptime-Kuma < v1.23.0 - Improper Access Control

Uptime-Kuma before v1.23.0 is vulnerable to an information disclosure issue due to missing authorization on the /api/badge/1/ping/24 endpoint. An unauthenticated attacker can access this endpoint to leak ping statistics, such as average ping and ping history, for existing monitors without needing...

RLSA-2026:18162 Moderate: iputils security update

The iputils packages contain basic utilities for monitoring a network, including ping. Security Fixes: iputils: iputils integer overflow CVE-2025-48964 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...

Exploit for Improper Authentication in Influxdata Influxdb

LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

EUVD-2026-31752

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

CVE-2026-9514

The CVE-2026-9514 entry concerns Totolink CA750-PoE (firmware 6.2c.510). The vulnerability affects the Setting Handler’s /cgi-bin/cstecgi.cgi setNetworkDiag function, where argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is directly passed by the attacker,...

CVE-2018-25369

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

CVE-2018-25369

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

CVE-2018-25369 Visual Ping 0.8.0.0 Buffer Overflow Denial of Service

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

EUVD-2018-21890

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

CVE-2018-25369

CVE-2018-25369 affects Visual Ping 0.8.0.0, where a buffer overflow in input field handling allows a local attacker to crash the application. Specifically, injecting oversized data (&gt;4108 bytes) into the Host, Time Out, Packet Size, Pause, or Loops fields triggers a denial of service. The vuln...

CVE-2018-25360

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...

PT-2026-43213

AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious ping.txt file with shellcode and jump instructio...

PT-2026-43221

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

PT-2026-43157

Name of the Vulnerable Software and Affected Versions Totolink CA750-PoE version 6.2c.510 Description An OS command injection issue exists in the Setting Handler component. The setNetworkDiag function within the '/cgi-bin/cstecgi.cgi' endpoint fails to properly sanitize several arguments, allowin...

Visual Ping 安全漏洞

Visual Ping is a website change monitoring tool from Visual Ping. A security vulnerability exists in Visual Ping version 0.8.0.0, which stems from a buffer overflow in input field handling that could cause a local attacker to crash the application by supplying oversized data...

MAL-2026-4382 Malicious code in @djessicatony/folk-mcp-canary (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a504172fe0e456bd96cf7b4f9a6b6dda65dee7bd573833bbf5963b0be7a05ae8 index.js contains a beacon-style exfiltration primitive: a fetch POST at line 60-61 sends process.env data read at lines 30 and 34 to a hardcoded...

Malicious code in open-agents-ai (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ecd54a57bfc95ce17e9e2279808810d09bb3285a15af6198f9f40f7a8f5307f7 package.json declares both preinstall and postinstall lifecycle hooks that invoke curl, and ships dist/postinstall-daemon.cjs — a Node script that...